Generally, cross-site scripting (XSS) refers to a hacking technique that leverages vulnerabilities in the code of a web application to let an attacker deliver malicious content to an end user and collect some type of data from the victim.

SQL injection is a type of attack that takes advantage of improper coding in your web application, allowing an attacker to inject SQL commands into, say, a login form and gain access to the data held in your database.

To address the two issues above, we have to clean and sanitize input from users. Please apply the following changes to your store:

Step 1. Go to includes/functions/general.php and add the following code at the bottom of the file:

That’s it. This will protect your store from cross-site scripting attacks and SQL injection. It will clean all the malicious bits from the user’s input.
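The two issues described above, shown as an added example that is not TomatoCart code and not the code from Step 1: a lookup built by string concatenation beside a parameterized one, plus HTML encoding at output. It uses parameter binding and output encoding rather than a single input-cleaning function; the table, function names and inputs are constructed for illustration, and it assumes PHP with the PDO SQLite driver.

```php
<?php
// Added example: constructed table, names and inputs; not TomatoCart code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, name TEXT)");
$db->exec("INSERT INTO customers (email, name) VALUES ('alice@example.com', 'Alice')");

// Vulnerable: user input is concatenated into the SQL text, so a quote in
// the input changes the structure of the query.
function find_customer_unsafe(PDO $db, string $email): array {
    $sql = "SELECT id, name FROM customers WHERE email = '" . $email . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the value is bound as a parameter and is never parsed as SQL.
function find_customer_safe(PDO $db, string $email): array {
    $stmt = $db->prepare("SELECT id, name FROM customers WHERE email = :email");
    $stmt->execute([':email' => $email]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened output: encode for the HTML context at the point of output,
// so markup in stored or reflected data is displayed as text.
function render_greeting(string $name): string {
    $safe = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>Hello, ' . $safe . '</p>';
}

$injected = "nobody@example.com' OR '1'='1";   // constructed input
$markup   = '<script>alert(1)</script>';        // constructed input

// The concatenated query matches every row; the bound query matches none.
printf("unsafe lookup rows: %d\n", count(find_customer_unsafe($db, $injected)));
printf("safe lookup rows:   %d\n", count(find_customer_safe($db, $injected)));
printf("safe lookup, real address: %d\n",
       count(find_customer_safe($db, 'alice@example.com')));

// The script tag is emitted as inert text rather than as markup.
echo render_greeting($markup), "\n";
```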

It may be difficult for you to apply the above changes to your store if you are not a developer. Don’t worry about it. If you need our technical support or assistance with the upgrade, please don’t hesitate to contact us at support@tomatocart.com. We prefer to provide free technical support service for Arvixe users.